A security company says it has traced cyber-espionage activities to a unit of China’s People’s Liberation Army.
In a report released on Tuesday, Mandiant Corp. said it has reasons to believe that a group it called Advanced Persistent Threat 1 (APT1) is likely backed by the Chinese government.
Mandiant, an advanced threat detection and response firm based in Washington, D.C., said the cyber-espionage activity was traced to PLA Unit 61398. The company said the unit is located in a huge building on Datong Road in Gaoqiaozhen, in the Pudong New Area of Shanghai.
In a statement released on Tuesday, Mandiant said Unit 61398’s activities are considered a state secret. However, Mandiant said it has been tracking APT1 since 2006 and has found it to have compromised 141 companies in 20 major industries. The security firm said 80 per cent of the target companies were headquartered in countries where English is the native language and are in industries that China has identified as strategic.
A report from Computerworld.com, however, said that China’s Foreign Ministry stated on Tuesday that the government is opposed to hacking.
“Cyber-attacks are transnational and anonymous,” said ministry spokesman Hong Lei in a press conference. “It is very hard to trace the origin of attacks. I don’t know how this evidence in the relevant report is tenable.”
Mandiant said APT1 uses tools called GETMAIL and MAPIGET, which are meant for stealing emails. The group can revisit a victim’s network over a period of months or years and pilfer technology blueprints, business plans, proprietary processes, emails, contact lists and contract information, said Mandiant.
The security firm said it is releasing more than 3,000 APT1 indicators to expose APT1’s infrastructure and allow organizations to bolster their defenses against the cyber group.